How I was able to get subscription of $120/year For Free | Bug Bounty POC


About 2 months ago a friend gave me his wetransfer.com account to send a 15GB file to a friend, as he had a WeTransfer Plus subscription that he bought for $120/year.

I decided to test WeTransfer for any vulnerability that would let me bypass their payment system or get a Plus subscription completely free.

For this I first tried changing the amount in the HTTP request, etc., but no such method worked for me, so I googled “wetransfer plus free” just to see if there was any promotion going on that I could use, or misuse, to get access to WeTransfer Plus for free.

I saw that they give a free 1-year Plus subscription to students who sign up for an account using their educational institute’s email (with a .edu domain).

So when we enter an email with a .edu domain, it says

As my institute doesn’t provide us with student email, it means I can’t get the link to a free account. But then I checked how the email is sent to the user and what it might contain….

So I used a fake .edu email, i.e. testttsttststst7@mail.edu, and clicked “send request”. The HTTP request sent was like

The response contains a code like “9e0bca0a6d92“. According to the line shown on the page, “we’ll send you a link to claim your free Plus account.”, this code should only have been sent to the email address inside a link, but instead the HTTP response leaks the code that the API generated for that particular .edu email.

Now the next issue was how to use that code, or how I could check whether it works or not, as no signup page or settings area contains a field to add a coupon code.

After a bit of checking I found a way to use that coupon, and it was pretty simple: go to https://wetransfer.com/plus and select “Annual subscription”, which costs “120 USD”,

and fill in your details. Then I simply intercept the request, and the request going out was similar to
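The pattern behind this finding is a server that mints a secret (the claim code) and then hands it straight back to the client that asked for it, so the email step proves nothing. The following is an added example written for this article, not WeTransfer’s code, that models both versions of such a claim endpoint in plain Python. The function names, the in-memory stores and the sample addresses are all constructed; only the 12-hex-character code format mirrors what the response above shows. The vulnerable handler echoes the code in its response, the fixed handler returns the same neutral message for every input so the code only ever reaches the mailbox, and the redemption check (the server-side step that account creation would call when it sees the coupon parameter) binds the code to the address it was issued for, makes it single-use, and expires it.

```python
"""Added example (not WeTransfer's code): the claim-code disclosure described
in the article, modelled as a vulnerable and a hardened endpoint.
All names, stores and sample emails are constructed for illustration."""
import hmac
import secrets
import time

# Constructed in-memory stores standing in for a database and a mailer queue.
PENDING_CLAIMS = {}   # code -> {"email": ..., "issued_at": ..., "used": ...}
OUTBOX = []           # messages the mailer would actually send

CLAIM_TTL_SECONDS = 24 * 3600


def is_edu_email(email):
    """Assumed eligibility rule: a syntactically plausible address under .edu."""
    local, sep, domain = email.rpartition("@")
    return bool(local) and bool(sep) and domain.lower().endswith(".edu")


def issue_claim(email):
    """Mint a claim code, record which address it belongs to, queue the email."""
    code = secrets.token_hex(6)  # 12 hex chars, same shape as "9e0bca0a6d92"
    PENDING_CLAIMS[code] = {"email": email.lower(), "issued_at": time.time(), "used": False}
    OUTBOX.append({"to": email, "code": code})
    return code


def request_edu_plus_vulnerable(email):
    """Vulnerable version: the freshly minted code is echoed in the response
    body, so anyone who can type a .edu-looking address receives the secret
    without ever reading the mailbox."""
    if not is_edu_email(email):
        return {"status": 400, "error": "not an .edu address"}
    code = issue_claim(email)
    return {"status": 200, "code": code}     # <-- the leak


def request_edu_plus_fixed(email):
    """Hardened version: the code exists only server-side and in the email.
    The response is identical whether or not the address was eligible, so the
    endpoint neither leaks the code nor confirms which addresses qualify."""
    if is_edu_email(email):
        issue_claim(email)
    return {
        "status": 200,
        "message": "If that address is eligible, we'll send you a link to claim your free Plus account.",
    }


def redeem_claim(email, code, now=None):
    """Redemption check: a code proves possession of the mailbox it was sent
    to, so it must only work for that address, only once, and only while
    fresh. This is what account creation should call when it sees the coupon
    parameter, instead of trusting the parameter's presence."""
    now = time.time() if now is None else now
    claim = PENDING_CLAIMS.get(code)
    if claim is None:
        return {"status": 403, "error": "invalid or expired claim code"}
    same_email = hmac.compare_digest(claim["email"].encode(), email.lower().encode())
    expired = now - claim["issued_at"] > CLAIM_TTL_SECONDS
    if claim["used"] or not same_email or expired:
        return {"status": 403, "error": "invalid or expired claim code"}
    claim["used"] = True
    return {"status": 200, "plan": "plus_annual", "charged_usd": 0}


def latest_mailed_code():
    """Test helper standing in for 'read the code out of the inbox'."""
    return OUTBOX[-1]["code"] if OUTBOX else None


if __name__ == "__main__":
    leaked = request_edu_plus_vulnerable("testttsttststst7@mail.edu")
    print("vulnerable response:", leaked)
    print("fixed response:", request_edu_plus_fixed("student@mail.edu"))
    print("redeem with mailed code:", redeem_claim("student@mail.edu", latest_mailed_code()))
```

The neutral message in the fixed handler is the same sentence the page shows, and the check in `redeem_claim` is where the real control lives: the client-side absence of a coupon field never was one.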

Hey, yeah, so I didn’t see that as necessary at all as I talked to many about it, but for you once again: “if you go to settings > subscription and look at the parameters you can see the hidden parameter, and yeah that was all; add it to create account instead of settings.” Hope that explains it for you?